WannaCry attack via SMB and Jaff by email

by Stephane

WannaCry, Jaff and ransomware attacks

In all likelihood, the virus that has been causing such a stir in recent days has not spread by e-mail. Vincent Nguyen, director of Wavestone’s CERT, explains: “Everyone is looking for that famous initial e-mail, and in four days, no team has managed to get their hands on it. For our part, we can confirm that none of our customers has yet fallen victim to this virus, and that our 6 antivirus programs did not detect it during the period it was circulating.”

It is highly likely that the attackers identified “patient zero” workstations from which the malware could then propagate on its own by self-replication. The malware exploits a vulnerability in the Windows implementation of the SMB (Server Message Block) protocol, present on older Microsoft operating systems and fixed by security update MS17-010, which is a reminder of how important patching is. According to Europol, this attack, which affected more than 230,000 computers in over 150 countries, was carried out by North Korean hackers suspected of belonging to the Lazarus Group.

Attacks via e-mail continue in parallel, however. Jaff, a recent Locky variant, is still circulating at the moment and may be adding to the confusion. It spreads through e-mails carrying a PDF attachment; the PDF embeds a DOCM (macro-enabled Word) document whose malicious macro initiates the download and execution of the ransomware. Alert CERTFR-2017-ALE-011 details the mechanism. Thanks to its 6 built-in antivirus engines and static sandboxing of PDF attachments, Altospam perfectly blocks this malware.
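To show what a static check of a PDF attachment can catch in the Jaff carrier described above, here is an added example written for this article (not Altospam’s own implementation): it counts suspicious PDF keywords, lists file names declared by /Filespec dictionaries and flags macro-enabled attachments. The two sample PDFs are constructed for the example.

```python
import re

# PDF name keywords that warrant a closer look; same idea as pdfid-style keyword counting.
SUSPICIOUS_KEYS = (b"/EmbeddedFile", b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/AA")
# Attachment types a gateway should treat as risky: macro-enabled Office files, scripts, executables.
RISKY_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".js", ".vbs", ".hta", ".exe")

def triage_pdf(data: bytes) -> dict:
    """Static triage of a raw PDF: count suspicious keywords and list /Filespec file names.
    Caveat: only uncompressed dictionaries are seen; objects inside FlateDecode object
    streams or hex-escaped names (/Embedded#46ile) must be decoded first."""
    indicators = {}
    for key in SUSPICIOUS_KEYS:
        # The lookahead stops /EmbeddedFile from matching the harmless /EmbeddedFiles name-tree key.
        count = len(re.findall(re.escape(key) + rb"(?![A-Za-z])", data))
        if count:
            indicators[key.decode()] = count
    # Embedded attachments are announced by a /Filespec dictionary carrying /F or /UF (the file name).
    embedded = [m.group(1).decode("latin-1")
                for m in re.finditer(rb"/Filespec.*?/(?:UF|F)\s*\((.*?)\)", data, re.S)]
    risky = [name for name in embedded if name.lower().endswith(RISKY_EXTENSIONS)]
    if risky or ("/EmbeddedFile" in indicators and "/OpenAction" in indicators):
        verdict = "block"      # drop or quarantine the attachment
    elif indicators:
        verdict = "review"     # hand over to the sandbox or an analyst
    else:
        verdict = "pass"
    return {"indicators": indicators, "embedded_files": embedded,
            "risky_attachments": risky, "verdict": verdict}

# Constructed sample mimicking the Jaff-style carrier: a PDF with an embedded DOCM,
# a /Filespec pointing at it and an /OpenAction that runs JavaScript when opened.
JAFF_STYLE_SAMPLE = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R /Names << /EmbeddedFiles 4 0 R >> >> endobj
4 0 obj << /Names [(invoice.docm) 6 0 R] >> endobj
5 0 obj << /S /JavaScript /JS (constructed placeholder script) >> endobj
6 0 obj << /Type /Filespec /F (invoice.docm) /UF (invoice.docm) /EF << /F 7 0 R >> >> endobj
7 0 obj << /Type /EmbeddedFile /Length 4 >> stream
PK..
endstream endobj
%%EOF"""

# Constructed plain PDF with no active content, for comparison.
BENIGN_SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
%%EOF"""
```

Run `triage_pdf(JAFF_STYLE_SAMPLE)` to see the "block" verdict with `invoice.docm` listed as a risky attachment, and `triage_pdf(BENIGN_SAMPLE)` for a clean "pass".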

To protect yourself, 4 simple rules are essential: update, back up, protect and raise awareness. The WannaCry attack is proof that operating systems (and software) need to be kept up to date, and companies must implement strict update procedures. Backups are just as essential, both to recover from human error and to restore a system after an attack. Protection obviously involves firewalls, proxies and user workstation security, but above all a high-performance e-mail protection system such as Altospam: e-mail attacks are still the main vector for viruses today, because they spread so quickly. The last fundamental point is user awareness, and this high-profile attack has at least had the merit of serving that purpose.
